The attack is dubbed Thunderstrike because it spreads through maliciously modified peripheral devices that connect to a Mac's Thunderbolt interface. When plugged into a Mac that's in the process of booting up, the device injects what's known as an Option ROM into the Extensible Firmware Interface (EFI), the firmware responsible for starting a Mac's system management mode and enabling other low-level functions before loading the OS. The Option ROM replaces the RSA encryption key Macs use to ensure only authorized firmware is installed. From there, the Thunderbolt device can install malicious firmware that can't easily be removed by anyone who doesn't have the new key.
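A toy model of the key replacement described above, added here as an illustration and not code from the article or from Apple's firmware. It shows why a verifier that trusts its own stored key rejects vendor updates once that key is swapped, and how comparing the key's fingerprint to an out-of-band value exposes the swap. The textbook RSA over small hard-coded primes, the `BootRom` class and the fingerprint check are all assumptions made for the example.

```python
import hashlib

E = 65537  # public exponent used by both toy keys

def make_key(p, q):
    """Textbook RSA key from two primes: returns (modulus n, private exponent d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(data, n):
    """SHA-256 of the image, reduced into the modulus (no padding: toy only)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, n, d):
    return pow(digest(data, n), d, n)

def fingerprint(n):
    """Hash of the stored public key, the value an auditor would pin."""
    return hashlib.sha256(n.to_bytes((n.bit_length() + 7) // 8, "big")).hexdigest()

class BootRom:
    """Hypothetical firmware that checks updates against a key it stores itself."""
    def __init__(self, trusted_n):
        self.trusted_n = trusted_n

    def accept_update(self, image, sig):
        return pow(sig, E, self.trusted_n) == digest(image, self.trusted_n)

def run_scenario():
    # Constructed toy keys built from Mersenne primes; far too small for real use.
    vendor_n, vendor_d = make_key(2**61 - 1, 2**89 - 1)
    other_n, other_d = make_key(2**107 - 1, 2**127 - 1)
    pinned = fingerprint(vendor_n)  # known-good value recorded out of band
    vendor_img, other_img = b"vendor image (constructed)", b"other image (constructed)"
    vendor_sig = sign(vendor_img, vendor_n, vendor_d)
    other_sig = sign(other_img, other_n, other_d)

    rom, out = BootRom(vendor_n), {}
    out["before"] = (rom.accept_update(vendor_img, vendor_sig),
                     rom.accept_update(other_img, other_sig),
                     fingerprint(rom.trusted_n) == pinned)
    rom.trusted_n = other_n  # the stored key is replaced, as the article describes
    out["after"] = (rom.accept_update(vendor_img, vendor_sig),
                    rom.accept_update(other_img, other_sig),
                    fingerprint(rom.trusted_n) == pinned)
    return out

if __name__ == "__main__":
    print(run_scenario())
```

Each tuple reads: vendor-signed update accepted, update signed with the other key accepted, stored key matches the pinned fingerprint.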
About Paul Spoerry
I’m a groovy cat who’s into technology, Eastern Thought, and house music. I’m a proud and dedicated father to the coolest little guy on the planet (seriously, I'm NOT biased). I’m fascinated by ninjas, the Internet, and anybody who can balance objects on their nose for long periods of time.
I have a utility belt full of programming languages and a database of all my knowledge on databases... I practice code fu. Oh, I've also done actual Kung Fu, and have a black belt in Tae Kwon Do.
I run. I meditate. I dance. I blog at PaulSpoerry.com, tweet @PaulSpoerry, and I'm here on Google+.
I currently work for IBM, developing web-enabled insurance applications for IBM, and support and develop a non-profit called The LittleBigFund.
Comments
Scott Wilson says
So you could use this method to de-apple the bootloader and make your hardware yours again. You could install whatever OS you wanted on your hardware.
Oliver Sten says
+Scott Wilson sounds like you probably could 🙂
Scott Wilson says
+Oliver Sten I could have about a year ago. I burned out on Apple's weird hardware issues, and horrible customer service skills. I got sick of fighting them to honor their warranties. I don't like this new Apple.
Oliver Sten says
+Scott Wilson,
I hate the fact that they now solder memory and hard drives into their laptops' motherboards, the final step to remove customisation from the end user.
Scott Wilson says
+Oliver Sten The pile of glue they use now irks me to no end. Because fasteners are so expensive. I pay more for hardware now, but I get a much higher quality product than Apple makes.
Ryan Heyworth says
Which brand of hardware are you referring to? +Scott Wilson
Chris G. Sellers says
Why it is important to know your manufacturer. Tis also why Apple is so strict on compatibility
Scott Wilson says
+Ryan Heyworth Lately Lenovo. I'm a huge fan of their carbon fiber ultrabooks. No need for a case. Best keyboards money can buy. Tough as hell. Amazing looking. Side benefit: full Linux support. Everything works. Good battery life. Yes, it's going to cost you a lot over a similarly spec'd macbook air (about 800 more) but it's a much better laptop.
Darth Kakeeway says
Tell me something I don't already know
Shan L says
Need this for Apple store lol
Mike Picard says
Dude, everyone knows Macs CAN'T get viruses or malware.
Akira Tamashiro says
Yeeaahhh, about that…
Alex Musick says
You gotta admit, this is genius. Not moral or ethical, but absolutely genius.
Andrew Buckeridge says
EFI is just wrong.
Edward Kent says
Similar exploit out for MSWindows.
Shan L says
+Mike Picard back in 2009 ya
Aleksandar Nikoloski says
apple sux nokia wins
http://www.gsmarena.com/nokia_sells_20000_n1_tablets_in_china_in_4_minutes-news-10695.php
K.B. Burnfield says
If I have physical access to ANY computer I could hack it and leave a backdoor.
Mac, PC or Linux box.
If you have physical access to a computer there's 5000 things you can do. This isn't an apple issue, it's a physical access to an electronic device issue.
Scott Wilson says
+K.B. Burnfield unless it's a Chromebook (for now) but yeah.
Alex Musick says
+Scott Wilson But like half the Chromebook users out there have dev mode on anyway so they can actually do more than browse the internet.
Scott Wilson says
+Alex Musick Half? Could you cite a source please?
Alex Musick says
+Scott Wilson I don't have any statistics personally, I exaggerated. I mean that a lot of them do.
K.B. Burnfield says
But rebooting a Chromebook into Dev mode is easy as pie whether the owner had it on or not.
Turn it on, do your thing, turn it off.
Scott Wilson says
+K.B. Burnfield and you won't get any of their data because it will be gone. That's the point. Chrome OS, for the moment, is immune to these types of attacks because of the aggressive boot security.
Moctar Fofana says
The only way this would be viable is for them to infiltrate a peripheral manufacturing company and infect a production line with the exploit which then ends up being purchased in a store somewhere. The other option of gaining physical access to the targeted computer increases the risk of being caught and receiving the ass kicking of a lifetime, exponentially.
Paul Spoerry says
Nobody's ever done that… er… well, aside from the NSA exploiting routers and all that while in transit.
Jeroen Mathon says
Glad I am on Linux.
Feel like a god with the control I have over my system.
Andrew Buckeridge says
I'm glad I run Debian GNU/Linux with LILO under BIOS and never let anyone else use my computer. GRUB gets confused and thinks it's been booted with EFI.
It's a Mac with Snow Leopard and rEFIt so I never let anyone else use it. It does not have Thunderbolt, but old mini DP. Any DMA channel like FireWire could do similar, but I have USB dongles.
rEFIt and parts of BOOTCAMP provide BIOS required to set up WinVidia dismay for GNU/Linux. Can't boot MBP with ELILO unless you disable WinVidia dismay. Needs a (USB) serial port up at boot time.
Alex Musick says
Are we just gonna brag about how good our setup is? I just have a (somewhat) standard setup and accept it's never in a vulnerable position.
Scott Wilson says
I'm typing on a Chromebook Pixel. Done. Nothing to really change lol.
Edward J says
This happened to me while in Asia. I decided to distrust Apple's dev key for a variety of reasons and then was able to find 10 GB of language files (mostly Chinese) that were not there an hour prior when I checked. I then deleted them all and securely erased the trash, which took 18 hours, and my Mac never turned on after that and had to have both the motherboard and the SSD replaced just to see the Apple logo upon boot. Before they replaced that you could hear only the startup sound but the screen remained black. Crazy shit.
Edward J says
Hey Paul, how could you say nobody has ever done that? Are you God or something? It's dumb asses like you that are the reason white hats are so far behind black hats and governments